Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 27: RHSA-2018:67b75f73fa Critical: GIMP Heap Overflow

fedora
Calendar Grey January 10, 2018
Dist Fedora Esm H88
A recent patch for GIMP on Fedora 27 resolves several buffer overflow vulnerabilities, boosting overall system security.
Security fix for CVE-2017-17784 CVE-2017-17785 CVE-2017-17786 CVE-2017-17787 CVE-2017-17788 CVE-2017-17789

Summary

GIMP (GNU Image Manipulation Program) is a powerful image composition and

editing program, which can be extremely useful for creating logos and other

graphics for webpages. GIMP has many of the tools and filters you would expect

to find in similar commercial offerings, and some interesting extras as well.

GIMP provides a large image manipulation toolbox, including channel operations

and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all

with multi-level undo.

Security fix for CVE-2017-17784 CVE-2017-17785 CVE-2017-17786 CVE-2017-17787

CVE-2017-17788 CVE-2017-17789

[ 1 ] Bug #1529147 - CVE-2017-17785 gimp: Heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c

https://bugzilla.redhat.com/show_bug.cgi?id=1529147

[ 2 ] Bug #1529146 - CVE-2017-17789 gimp: Heap-based buffer overflow in read_channel_data function in plug-ins/common/file-psp.c

https://bugzilla.redhat.com/show_bug.cgi?id=1529146

[ 3 ] Bug #1529145 - CVE-2017-17786 gimp: Heap-based buffer over-read in ReadImage function in plug-ins/common/file-tga.c

https://bugzilla.redhat.com/show_bug.cgi?id=1529145

[ 4 ] Bug #1529144 - CVE-2017-17784 gimp: Heap-based buffer over-read in load_image function in plug-ins/common/file-gbr.c

https://bugzilla.redhat.com/show_bug.cgi?id=1529144

[ 5 ] Bug #1529143 - CVE-2017-17787 gimp: Heap-based buffer over-read in read_creator_block function in plug-ins/common/file-psp.c

https://bugzilla.redhat.com/show_bug.cgi?id=1529143

[ 6 ] Bug #1529141 - CVE-2017-17788 gimp: Stack-based buffer over-read in xcf_load_stream function in app/xcf/xcf.c

https://bugzilla.redhat.com/show_bug.cgi?id=1529141

su -c 'dnf upgrade gimp' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory buffer overflow critical software update Fedora heap overflow GIMP

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 27
Version: 2.8.22
Release: 3.fc27
URL: https://www.gimp.org/
Summary: GNU Image Manipulation Program

Topics%20covered

Topics Covered

security advisory buffer overflow critical software update Fedora heap overflow GIMP

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here